美团滑块(1-18,js逆向)
网址:aHR0cHM6Ly9wYXNzcG9ydC5tZWl0dWFuLmNvbS9hY2NvdW50L3VuaXRpdmVsb2dpbg==
整体流程:
1、获取主页参数
2、逆向pwd、h5Fingerprint
3、请求page_data链接
4、逆向Authencation、behavior、token_
5、最终请求验证
一、获取主页参数
url_ = "https://passport.meituan.com" + re.search(r'id="J-normal-form" action="(.*?)"', response).group(1).replace('=', '=').replace('amp;', '')
csrf = re.search(r'"csrf" value="(.*?)"', response).group(1)
uuid = re.search(r'uuid=(.*?)&', url_).group(1)
token_id = re.search(r'token_id=(.*?)&', url_).group(1)
continues = url_.split('continue=')[1]
二、逆向pwd、h5Fingerprint
(1)pwd,跟进去发现是个rsa,简单扣下就ok
(2) h5Fingerprint,定位:
继续跟进这个混淆后的js,看到是通过n生成sign的,n是主页返回的一些东西
再往后跟就会发现是btoa,直接改写下就ok
然后到这里,将sign赋值给C,再加密,ts和cts稍微改下,其他固定即可(注意这里的环境值,后面滑块也会有,需要保持一致)
注:这个js如果觉得看得麻烦可以用ast反混淆下变量名,代码如下:
// 这个文件是run.js,demo.js放需要需要解混淆的js,decrypt_func.js是解密函数
const fs = require('fs');
const {parse} = require("@babel/parser");
const traverse = require("@babel/traverse").default;
const types = require("@babel/types");
const generator = require("@babel/generator").default;
const _0x24f5 = require("./decrypt_func");
let jscode = fs.readFileSync("./demo.js", {
encoding: "utf-8"
});
let ast = parse(jscode);
// 十六进制转换
function delete_unicode(path){
if (path.node.extra == undefined){return;}
delete path.node.extra
path.skip()
}
// 找到需要替换的调用函数,push到数组
name_array = ['a7_0x3a83']
function find_decode_name(path){
let node = path.node;
if (!node.declarations || node.declarations[0].init == null || node.declarations[0].init.name == undefined){return}
let call_name = node.declarations[0].id.name;
let binding = path.scope.getBinding(call_name);
if (call_name == '_0x41c885' || binding.references<=0){return}
if (name_array.indexOf(call_name) == -1){
name_array.push(call_name)
}
}
// 替换字符串
function replace_name(path){
let node = path.node;
if (!node.arguments[0]){return}
if(node.arguments[0].type == 'NumericLiteral' && node.callee.type == 'Identifier'){
const key = node.callee.name;
const value = node.arguments[0].value;
if (key == '_0x24f5'){
let value_new = _0x24f5(value);
console.log(value_new,"<-->",key,"<-->",value)
let string_node = types.stringLiteral(value_new)
path.replaceWith(string_node)
}
}
}
traverse(ast,{"NumericLiteral|StringLiteral": delete_unicode})
console.log("十六进制还原结束~~")
traverse(ast,{"CallExpression": replace_name})
console.log("变量名还原结束~~")
let {code} = generator(ast,opts = {jsescOption:{"minimal":true}});
fs.writeFile('decode.js', code, (err)=>{});
//这个文件是decrypt_func.js
function _0x5b47() {
var _0x25463d = ["Freefrm721 Blk BT", "postInfo", "slice", "NETWORK_FAILURE_TIP", "</p>\n ", "Vivaldi", "YodaKNB", "RISK_GET_VERIFYINFO_LIMIT", "Date", "getUniformIndices", "121011", "OscillatorNode", "121042", "HIGH_FLOAT", "Vagabond", "SimSun-ExtB", "FrankRuehl", "127032", "setTimeout", "fill", "Bradley Hand", "isMobile", "AvantGarde Md BT", "Float32Array", "FRUTIGER", "Adobe Garamond", "pay", "request_code", "constructor,hasOwnProperty,isPrototypeOf,propertyIsEnumerable,toLocaleString,toString,valueOf", "Tw Cen MT", "Geeza Pro", "_yoda_riskLevel", "NEVIS", "cts", "assign", "-9999px", "MAX_COMBINED_UNIFORM_BLOCKS", " : null", "globalLoadModel", "GOTHAM BOLD", "getActiveUniformBlockName", "toFixed", "TRIANGLES", "Cambria", "121125", "_timelimit", "resetVariable", "root", "yodaCommonThemeColor", "failCallbackFun", "__core-js_shared__", "name", "Serifa BT", "RISK_FACE_POLICE_DATABASE_NOT_FOUND", "RISK_MOBILE_NOT_VALID", "isNeedLoad", "quickapp_miniProgram", "yodaMoveingBar", "rejected", "getContext", "MT Extra", "Bradley Hand ITC", "Arial", "write", "AliApp", "decode", "boxError", "_selenium", "classof", "COMPILE_STATUS", "isLoading", "sliderMaxLenth", "bindEvents", "MS Reference Specialty", "buttonName", "Lithograph Light", "setValueAtTime", "TypoUpright BT", "symbol-registry", "getExtension", "121005", "Khmer UI", "uniform4uiv", "byteOffset", "RISK_USER_NOT_LOAD", "2.2.2", "Vladimir Script", "toDataURL", "MS PGothic", "getUniformBlockIndex", "abnormal", "checkRiskLevel", "EUROSTILE", "customElements", "succCallbackFun", "last", "Noteworthy", "121053", "111", "wRU", "findChild", "00101", "substr", "b_techportal_property_mv", "language", "return (function() ", "bind", "waimai", "precision", "RISK_GET_VERIFY_INFO_ERROR_RETRY", "scrollLeft", "Freestyle Script", "A promise cannot be resolved with itself.", "CordiaUPC", "Footlight MT Light", "Centaur", "121064", "121133", "setResult", "MY_miniProgram", "passive", "padding: .3em .8em; border: 1px solid #999; border-radius: .3em; background: transparent; margin: .6em auto; outline: none; color: ", "floor", "MingLiU_HKSCS-ExtB", "getQuery", "navigator", "_bytes", " \n 请求地址", "51d7c9ad", "apply", "Gill Sans", "Timestamp", "function", "options", "pathname", "[object]", "removeHandler", "MAX_COMBINED_FRAGMENT_UNIFORM_COMPONENTS", "makeDOMException", "121001", "Raavi", "切换验证方式", "RISK_VERIFY_REQUEST_TIME_OUT", "pageX", "NewsGoth BT", "key", "#A4A3A3", "Mrs Eaves", "title", "request_null", "GeoSlab 703 Lt BT", "Pickwick", "121057", "getProgramParameter", "delta", "Iskoola Pota", "' src='https://s3plus.meituan.net/v1/mss_f231eb419c414559a1837748d11d4312/yoda-resources/help_icon.png'>\n </div>\n <p class='slider-title ", "min", "stop", "circle3", "group", "ZapfHumnst Dm BT", "NETWORK_REDIRECT_TIP", "data", "getbyte", "uniform2ui", "pcHtml", ">\n <div class='boxStatic ", "callPhantom", "lwc", "/v2/ext_api/", "shaderSource", "getDate", "121154", "121123", "close", "ネットワークがリダイレクトしました、後でもう一度やり直してください", "925458AfqHQn", "getBufferSubData", "0-0-0-0", "rangeMax", "boxStatic", "Party LET", "ontouchmove", "'>\n ", "enableVertexAttribArray", "wsh", "Goudy Stout", "bindBuffer", "RISK_NOT_VERIFY_BY_ORDER", "wordBreak", "121112", "mouseout", "symbols", "setPrototypeOf", "新版签名正常", "drag", "40zdFOiH", "\n ", "header", "callHandle", "RISK_BOOM_PROOF_DENY", "defenseForm", "style", "no support webgl", "maxContainer", "moveingBar ", "__driver_unwrapped", "Content-MD5", "utf8", "globalCompositeOperation", "getFonts", "formDataPost", "RISK_PARAMS_INVALID_FORMART", "Trident", "isSync", "'>\n <div class='cententWrapper ", "background-color: ", "setUint32", "offsetX", "circle6", "Unicorn", "getWebglVendorUnmasked", "创建XMLHttpRequest对象失败", "request_timeout", "vendor", "MingLiU_HKSCS", "'></div>\n </div>\n </div>", "customStyle", "ALPHA", "Harrington", "Aparajita", "getInt32", "MUSEO", "exponentialRampToValueAtTime", "</span>\n <span class='subtitle ", "Euphemia UCAS", "Ayuthaya", "v_c", "'></div>\n <div class='circle3 ", "_yoda_category_", "CU_PRESIGN_FAIL", "High Tower Text", "MAX_DRAW_BUFFERS", "Gujarati Sangam MN", "RISK_VERIFY_ERROR_RETRY", "Incised901 BT", "sign", "PADCHAR", "getElementsByTagName", "ARRAY_BUFFER", "setInt32", "invalid plaintext size (must be 16 bytes)", "Matisse ITC", "abs", "></div>\n <div class='globalPCCombinationWrapper ", "__selenium_evaluate", "none", "Serifa Th BT", "121050", "call", "Cuckoo", "pageY", "allSettled", "webgl", "moveTo", "RISK_COMMON_PARAMS_LOST", "Lucida Calligraphy", "localStorage", "DFKai-SB", "_setter", "Viner Hand ITC", "Onyx BT", "isKNBEnv", "Kalinga", "getBoundingClientRect", "boxOk ", "arc", "setUint8", "'>\n <div class='slider-help-wrapper' id='", "createQuery", "'>\n <div class='circle ", "'>为了完成验证,需要您提供多项信息</span>\n </div>\n <button type='button'\n class='btn ", "Cooper Black", "Array", "Offset plus length of array is out of range", "_yoda_listIndex", "shadowOffsetY", "whiteSpace", "Bitstream Vera Sans Mono", "DataView", "buttons", "createbgImage", "MAX_3D_TEXTURE_SIZE", "beginQuery", "Lucida Sans", "duration", "</button>\n </div>", "Gill Sans MT Condensed", "Niagara Solid", "fontSize", "Tubular", "Internet Explorer", "normal", "103", "Error: ", "Century Schoolbook", "Bookshelf Symbol 7", "RISK_AUTHORIZE_CODE_EXPIRE", "charCodeAt", "Marion", "Bodoni 72 Smallcaps", "nativeSign sign fail", "Sketch Rockwell", "targetTouches", "新版签名异常", "ネットワークのつなぎ状態が不安定です", "'>\n <span class='title ", "protocol", "RISK_LOCAL_PHONE_FAILED", "waitSync", "miniprogram", "117", "prompt", "handlerClick", "127051", "indexOf", "wordSpacing", "TimesTamp", "func", "MAX_ARRAY_TEXTURE_LAYERS", "inline", "symbol", "NETWORK_REDIRECT_CODE", "list", "fastKey", "&Date=", "Euphemia", "BlairMdITC TT", "Hoefler Text", "msg", "Undefined", "Hiragino Kaku Gothic ProN", "trys", "getOrigin", "hex", "#FFBD00", "Bremen Bd BT", "BLUE_BITS", "Safari", "AvantGarde Bk BT", "&YodaKNB=1", "RISK_FACE_IDENTITY_NOT_MATCHED", "gzip", "hasAttribute", "textContent", "121124", "Perpetua", " is not an object!", "getWebglVendor", "UPSMS", "c_techportal_verify", "_state", "></div>\n <div class='moveingBar ", "rangeMin", "getStringHashMD5", "availWidth", "Bernard MT Condensed", "drawArrays", "jump", "https://s3plus.meituan.net/v1/mss_f231eb419c414559a1837748d11d4312/yoda-resources/slider/m_loading.png", "invalidateFramebuffer", "top", "Uint16Array", "loadSource", "moveingBarError ", "Vrinda", "withCredentials", "Heiti SC", "label", "Wingdings 3", "Kannada Sangam MN", "[null]", "not a function", "Curlz MT", "Forte", "Constantia", "Amazone BT", "iterator", "动态签名", "121002", "Bandy", "op-symbols", "Pegasus", "RISK_NO_SUCH_METHOD", "getShaderPrecisionFormat", "getwd", "hash", "done", "succCallbackUrl", "Can't call method on ", "MONO", "Tahoma", "BankGothic Md BT", "MAX_COLOR_ATTACHMENTS", "forEach", "safari", "127021", "code=", "FILLPHONENUMBER", "Old English Text MT", "startX", "Bodoni 72", "'></div>\n <div class='circle4 ", "MAX_TEXTURE_LOD_BIAS", "Traditional Arabic", "Humanst521 BT", "MAX_DRAW_BUFFERS_WEBGL", "'></div>\n <div class='circle9 ", "sessionStorage", "defineProperty", "plugins", "versionCode", "changedTouches", "move", "VERSION", "data-listindex", "boxLoading", "VisualUI", "127031", "getSupportedExtensions", "zh-CN", "CM_TOKEN_FAIL", "callUrl", "html", "getFloat32", "Array index out of range", "clientY", "Perpetua Titling MT", "Lucida Sans Typewriter", "Showcard Gothic", "e58ee51eebaa25f3", "_Ke", "pauseTransformFeedback", "request_", "isDegrade", "NETWORK_SERVER_TIP", "121044", "clearBufferfv", "2.6.12", "Mistral", "experimental-webgl", "bindBufferBase", "12149608HJKMSb", "Colonna MT", "RESULT_OK", "sliderPCPoint", "moveingBar", "uniform2uiv", "121006", "success", "Object.defineProperty called on non-object", "Firefox", "offsetY", "origin_request_code", "availHeight", "Promise.race accepts an array", "charAt", "成功回调丢失参数", "drag the slider ", "value", "Minion Pro", "application/x-www-form-urlencoded", "Not_Bridge", "127", "Available", "uniform1uiv", "__API_URL__", "Angsana New", "\n <div class='yoda-slider-wrapper ", "Jester", "constructor", "Browallia New", "String", "121129", "session", "OPR", "121049", "count", "getSourcePath", "Bauer Bodoni", "freeze", "99999", " class='sel ", "then", "UNIFORM_BUFFER_OFFSET_ALIGNMENT", "FRAGMENT_SHADER", "{}.constructor(\"return this\")( )", "keyboardEvent", "onFulfilled", "Wingdings", "MAX_UNIFORM_BLOCK_SIZE", "textDecoration", "Lao UI", "Microsoft Edge", "MingLiU", "handlerHelp", "time", "BatangChe", "Andalus", "CopperplGoth Bd BT", "Matura MT Script Capitals", "clientWaitSync", "race", "loading", "data-verifyid", "utils", "Book Antiqua", "callee", "Yes, D3D9", "_deferreds", "MAX_PROGRAM_TEXEL_OFFSET", "doms", "touchstart", "compileShader", "ceil", "uniformMatrix2x4fv", "isDrag", "setItem", "Rockwell", "createElement", "Kaito", "RISK_PARAMS_LOST", "bufferData", "getOwnPropertySymbols", "Nyala", "WX_miniProgram", "click", "configurable", "Microsoft JhengHei", "clientHeight", "promise", "DOM Exception 5", "#FD9B29", "您的请求出现了异常", "Bank Gothic", "Segoe Print", "chrome", "listenwd", "Fixedsys", "Tw Cen MT Condensed", "globalTimer", "PC上显示了i版的滑动", "RISK_AUTHORIZE_CODE_FAIL", "actualMove", "buffer", "b_techportal_7nezp2sy_mc", "American Typewriter", "Microsoft Yi Baiti", "Corbel", "ChelthmITC Bk BT", "YODA_Bridge", "AES must be instanitated with `new`", "setFloat64", "NETWORK_FAILURE_CODE", "Not available", "Antique Olive", "connect", "Palatino", "Wingdings 2", "GulimChe", "MingLiU-ExtB", "isFrozen", "replace", "English 111 Vivace BT", "dianping", "Url", "\n precision mediump float;\n varying vec4 v_color;\n void main() {\n gl_FragColor = v_color; // return reddish-purple\n }\n ", "RISK_NAME_IDENTITY_INFO_NOT_FOUND", "getElementById", "texImage3D", "Kokila", "MV Boli", "riskLevelInfo", "lowp", "Korinna BT", "render", "加载图片失败", "sendBatch", "#490F44", "121046", "reduce", "circle9", "tagName", "Magneto", "Reflect", "knbFun", "Sinhala Sangam MN", "HIGH_INT", "onVerifySuccess", "PKCS#7 invalid padding byte", "Helvetica Neue", "_getter", "webdriver-evaluate", "Malformed string", "Zurich Ex BT", "editFinishedTimeStamp", "DELICIOUS", "BANKCARDREALNAME", "Rockwell Extra Bold", "Accessors not supported!", "'>\n <p class='title ", "KaiTi", "uniformMatrix4x2fv", "ShelleyVolante BT", "Shonar Bangla", "TT_miniProgram", "getWdLength", "renderbufferStorageMultisample", "LUCIDA GRANDE", "absolute", "detachShader", "Santa Fe LET", "AudioContext", "KodchiangUPC", "sliderStopDrag", "string", "ADOBE CASLON PRO", "use", "__lastWatirAlert", "ajaxError", "CAT", "cookieChromeDriver", "FACE", "shadowBlur", "121058", "121000", "Nadeem", "webdriver-evaluate-response", "RISK_MOBILE_NOT_EXIST", "\n </div>\n </div>\n ", "Poster", "Levenim MT", "setUint16", "VERTEX_SHADER", "Network is redirecting, please try again later", "copyTexSubImage3D", "'>立即验证</button>\n </div>", "webdriverScriptFn", "Gloucester MT Extra Condensed", "valueOf", "'>为了您的账号安全请选择一种方式完成验证</p>\n </div>\n <div id=", "ALPHA_BITS", "INPUT", "toBytes", "121139", "writable", "getHash", "table", "\n <div style='height: 90vh; text-align: center; font-size: 16px;\n background: url(https://s3plus.meituan.com/v1/mss_f231eb419c414559a1837748d11d4312/yoda-resources/errorBg.png) center center no-repeat;'>\n <div style=\"padding-top: 50%;\">\n <p style=\"line-height: 32px;font-size: 1.2em;font-weight: bold; color: #333;\">出错了</p>\n <p style=\"line-height:32px; font-size: 1em; color: #333;\">", "drawArraysInstanced", "preventExtensions", "Snap ITC", "get", "PTBarnum BT", "<div style=\"text-align: center;\">\n <button type='button' id='toggleBtn'\n style='", "Segoe UI Light", "endQuery", "121043", "strip", "history", "SILKSCREEN", "keyCode", "RENDERER", "pixelDepth", "$chrome_asyncScriptInfo", "72px", "Gulim", "join", "crypto", "(((.+)+)+)+$", "document", "__defineGetter__", "Malgun Gothic", "layer", "MAX_VERTEX_UNIFORM_VECTORS", "Utsaah", "circle8", "decodeURIComponent", "a_position", "Bodoni 72 Oldstyle", "Courier New", "您的网络状况不好", "113", "_value", "Promise", "boxStatic ", "loadCircle", "linearRampToValueAtTime", "Ribbon131 Bd BT", "clientX", "getFloat64", "127041", "Letter Gothic", " : undefined", "span", "121065", "__webdriver_unwrapped", "knbGroup", "Uint32Array", "Narkisim", "vertexAttribI4uiv", "Futura", "toPrimitive", "deleteShader", "fontend sign error", "length", "スライダを右にドラッグする", "121088", "RISK_VERIFY_PAYPWD_USE_PAY_ERROR_LIMIT", "Arrus BT", "findIndex", "Monaco", "Bookman Old Style", "signal", "MULTIPLE", "MAX_VARYING_COMPONENTS", "round", "boxWrapper", "color: ", "</p>\n <div class='box-wrapper ", "Incised901 Lt BT", "121067", "BrowalliaUPC", "deleteSampler", "global", "trajectory", "setRequestHeader", "Informal Roman", "deleteProgram", "NOT_TELECOM_OPERATORS", "RISK_DEFAULT_ERROR", "MAX_TEXTURE_MAX_ANISOTROPY_EXT", "MAX_RENDERBUFFER_SIZE", "121003", "navigateBack", "createAnalyser", "MAX_UNIFORM_BUFFER_BINDINGS", "response_code", "invalid ciphertext size (must be multiple of 16 bytes)", "Fruitger", "Univers", "Not implemented", "texSubImage3D", "Herald", "keydown", "padding", "Batang", "uniqueId", "Niagara Engraved", "FrnkGothITC Bk BT", "FuturaBlack BT", "search", "リクエストがエラー発生しました", "succModule", "deleteTransformFeedback", "MS UI Gothic", "system", "getPrototypeOf", "NETWORK_TIMEOUT_TIP", "s_s_c", "Trajan", "PRINCETOWN LET", "Leelawadee", "removeChild", "delLastItem", "IDREALNAME", "onFreeze", "121007", "_yoda_config", "__selenium_unwrapped", "RISK_LEVEL_DENY", "121055", "metric", "map", "listindex", "wapi", "random", "Brush Script MT", "boxError ", "EAT BETTER LIVE BETTER", "FONTIN", "getCanvasFp", "host", "#dd403b", "KS_miniProgram", "Dauphin", "Eat Better, Live Better", "__driver_evaluate", "_WEBDRIVER_ELEM_CACHE", "meituan", "strokeText", "seed", "Didot", "response", "pkcs7", "yodaButtonTextColor", "btoa", "ADOBE GARAMOND PRO", "pow", "mediump/", "isSampler", "_lastCipherblock", "meta", "cookie", "News Gothic", "Algerian", "MoolBoran", "PMingLiU-ExtB", "webdriverElemCache", "getOwnPropertyDescriptor", "未找到Native通信桥", "AES", " | ", "https://verify.inf.test.meituan.com/feedback/manmachine/#/?requestCode=", "getFragDataLocation", "versions", "&Url=", "Baskerville Old Face", "clearBufferfi", "inspectSource", "Kunstler Script", "request_status", "POST", "Imprint MT Shadow", "hasOwnProperty", "Impact", "Chalkboard SE", "initTimeStamp", "; border-color: ", "clearBufferuiv", "atob", "Arial Narrow", "121010", "isArray", "error", "requestAnimationFrame", "sliderMoveDrag", "MEDIUM_FLOAT", "MS PMincho", "catch", "RISK_USER_RESETPWD_CODE_EXPIRE", "getParameter", "Palatino Linotype", "isNative", "enumerable", "Lydian BT", "request", "Andale Mono", "121099", "pop", "9845046xsMoly", "RISK_VERIFY_ERROR_TIMES_LIMIT_ONE_DAY", "frequencyBinCount", "wwt", "失败回调丢失参数", "Marlett", "getUint32", "16px xxx", "MS Outlook", "OzHandicraft BT", "webGroup", "cbc", "GoudyOLSt BT", "byteOffset and length reference an area beyond the end of the buffer", "createBuffer", "BinnerD", "timeout", "AmerType Md BT", "HEAD", "beginPath", "Kristen ITC", "sliderH5Point", "postMessage", "verifyMethodVersion", "Kartika", "target", " : function", "closePath", "some", "RISK_INFERENCE_VERFY_FAILED", "使用了touchstart事件触发了滑块", "fontWeight", "getFloatFrequencyData", "GET", "__dsc__", "moveDrag", "NETWORK_ERROR", "HTTP请求失败", "serif", "MAX_FRAGMENT_INPUT_COMPONENTS", "MS Serif", "844216KxeYsB", "requestCode", "glVersion", "#3974CC", "RISK_VERIFY_ERROR_TIMES_LIMIT", "contentEncoding", "RISK_PARAM_INVALID", "body", "Savoye LET", "frequency", "uniform3ui", "beginTransformFeedback", "Array too large for polyfill", "121130", "getShaderParameter", "domReady", "RISK_UP_SMS_PHONE_NO_NOT_SUPPORT", "concat", "yodaSliderTip", "origin", "vertexAttribI4i", "ontimeout", "121056", "KNB_Bridge_publish swap", "className", "Array contains invalid value: ", "invalid plaintext size (must be multiple of 16 bytes)", "closePage", "unable to locate global object", "RISK_USER_NOT_SUPPORT", "Albertus Extra Bold", "ISPREALNAME", " is not a function!", "请向右拖动滑块", "referrer", "split", "Zapfino", "[object Window]", "framebufferTextureLayer", "define", "document.F=Object", "121145", "Script", "Aharoni", "Apple SD Gothic Neo", "INVALID_CHARACTER_ERR", "RISK_AUTH_TIME_OUT", "Charlesworth", "copyWithin", "__fxdriver_evaluate", "version", "unsupported array-like object", "Futura ZBlk BT", "Denmark", "mtaction", "Marigold", "></div>\n <label class='bg-tip'>", "Copperplate Gothic Bold", "send", "utf8Decode", "env", "isTitans", "config", "Microsoft PhagsPa", "blur", "getSearch", "OCR A Extended", "globalPCCombinationWrapper", "Castellar", "COLOR_BUFFER_BIT", "Old Century", "_pack", "Arguments", "SLIDER", "ZapfHumnst BT", "Times New Roman", " class='btn' data-listIndex='", "status", "Blackadder ITC", "_yoda_options", "setFloat32", "__wxjs_environment", "getTime", "stroke", "getWebglRenderer", "#ff6633", "Unexpected argument type(s)", "startY", "offsetWidth", "Times New Roman PS", "'></div>\n <div class='circle2 ", "setBoxPosition", "Modern No. 20", "number", "lwe", "isDPApp", "domAutomationController", "addRequestSignature", "fp_", "isVertexArray", "></div>\n <div class='globalCombinationWrapper'>\n <div class='titleWrapper'>\n <p class='title'>为了您的账号安全</p>\n <p class='title'>请选择一种方式完成验证</p>\n </div>\n <div id=", "_immediateFn", "moveingBarError", "getSyncParameter", "163", "monospace", "__sc__", "YODA_Bridge_publish swap", "WEBKIT_EXT_texture_filter_anisotropic", "Malayalam Sangam MN", "😜😂😍", "bindSampler", "RISK_GET_VERIFY_CODE_CNT_REACH_LIMIT", "focus", "__webdriver_evaluate", "length of buffer minus byteOffset not a multiple of the element size", "inputName", "renderer", "WEBGL_draw_buffers", "\n </div>\n </div>\n ", "circle5", "Unfinished UTF-8 octet sequence", "MAX_TRANSFORM_FEEDBACK_INTERLEAVED_COMPONENTS", "2<sup>", "Gurmukhi MN", "riskLevel", "onRejected", "Rockwell Condensed", "fillText", "getMonth", "SUDOKU", "RISK_RETRY_GET_VERIFY_INFO_LIMIT", "zone", "HELV", "121009", "highp/", "getFullYear", "uniformMatrix2x3fv", "endTransformFeedback", "WebGL2RenderingContext", "NETWORK_SERVER_CODE", "Win64", "Socket", "Skia", "throw", "readyState", "uniformMatrix3x2fv", "Unstable network", "网络重定向,请稍后再试", "MAX_FRAGMENT_UNIFORM_BLOCKS", "Verdana", "121061", "asyncScriptInfo", "__lastWatirPrompt", "createProgram", "Hiragino Mincho ProN", "146", "Ravie", "isExtensible", "121045", "MAX_VARYING_VECTORS", "#d66500", "Minion", "swan", "Server exception, please try again later", "FACEREALNAME", "CG Omega", "toggleBtn", "Krungthep", "transformFeedbackVaryings", "yodaLoaded", "stopDrag", "Gill Sans Ultra Bold", "every", "00300", "response_code=", "decrypt", "Cordia New", "attributes", "STENCIL_BITS", "fenceSync", "RISK_VERIFY_INFO_LOSE_EFFICACY", "&Content-Type=", "INFERENCE", "getOwnPropertyNames", "Roman", "help", "RISK_NO_SUCH_ACTION", "SHADING_LANGUAGE_VERSION", "console", "sel", "callback", "Character outside valid Unicode range: 0x", "viewport", "XDomainRequest", "image_", "<div class='btnWrapper ", "121052", "trace", "Bodoni MT Poster Compressed", "category", "Informal011 BT", "RED_BITS", "dealMove", "action", "Tunga", "fftSize", "121137", "textTransform", "width", "Papyrus", "Arial Hebrew", "return", "getbyte64", "sliderHelp", "130", "\n <div id=", "Yoda", "b_techportal_454uvzut_mv", "[object ", "Promises must be constructed via new", "warn", "copyBufferSubData", "__fxdriver_unwrapped", " : object", "00400", "Can't convert object to primitive value", "French Script MT", "postVerify", "getItem", "linkProgram", "pad", "Uint8Array", "RISK_FAKE_LOGIN_STATUS", "'>\n <div class='loadCircle ", "description", "Symbol.", "c_techportal_gn2c4ki7", "Cezanne", "© 2020 Denis Pushkarev (zloirock.ru)", "Gautami", "Gill Sans Ultra Bold Condensed", "UNMASKED_VENDOR_WEBGL", "Meiryo UI", "144", "RISK_KLINGON_OUT_OF_SERVICE", "MIN_PROGRAM_TEXEL_OFFSET", "Lucida Console", "sans-serif", "Type", "samplerParameterf", "Microsoft Himalaya", "abcdefghijklmnopqrst", "vertexAttribIPointer", "webgl2", "dataset", "MAX_TEXTURE_IMAGE_UNITS", "Geometr231 Lt BT", "resumeTransformFeedback", "Kaufmann BT", "contentType", "shadowOffsetX", "121098", "Int8Array", "n/a", "cancelAnimationFrame", "responseCode", "NEED", "不支持webgl", "Heiti TC", "slider", "Kaufmann Bd BT", "position", "RISK_FAKE_REQUEST", "yodaTheme", "MAX_VERTEX_UNIFORM_COMPONENTS", "MS Gothic", "PosterBodoni BT", "webkitAudioContext", "_token", "null", "18rmNHPl", "ArrayBuffer size is not a small enough positive integer.", "bindVertexArray", "Chrome", "l_s_c", "btnWrapper", "Kailasa", "'></div>\n <div class='circle7 ", "Heather", "Abadi MT Condensed Light", "b_techportal_whiteDuration_mv", "MicroMessenger", "Eras Bold ITC", "Westminster", "KNB", "onMove", "SWAN_miniProgram", "Eras Medium ITC", "MAX_CUBE_MAP_TEXTURE_SIZE", "Comic Sans MS", "nodeName", "decryptFromBase64", "Cipher Block Chaining", "MAX_FRAGMENT_UNIFORM_VECTORS", "Geometr231 Hv BT", "Bauhaus 93", "Agency FB", "Calligrapher", "samplerParameteri", "YODA_KNB_Bridge", "succCallbackKNBFun", "LOCAL_PHONE", "CM_PRESIGN_FAIL", "removeItem", "BernhardMod BT", "Big Caslon", "start", "Parchment", "Thonburi", "yodaBoxWrapper", "ops", "DB LCD Temp", "verifyid", "head", "screen", "webGl2Support", "MODULE_NAME", "filterRiskLevel", "finally", "fontFamily", "Kabel Bk BT", "Edwardian Script ITC", "getContextAttributes", "YodaSeed", "Request exception,please try again later", "client", "_unpack", "Bangla Sangam MN", "requestContent", "option", "defaultPrevented", "code", "MAX_TEXTURE_SIZE", "145", "oceanPoint", "Sceptre", "deleteQuery", "webdriverCommand", "QObject", "firstTimeStamp", "copyright", "Segoe Script", "preventDefault", "143", "Maiandra GD", "Chaucer", "url", "verify", "</button>\n </div>", "CG Times", "Clarendon", "TYPED_ARRAY_POLYFILL_NO_ARRAY_ACCESSORS", "Market", "SCRIPTINA", "display", "Arial Black", "firstPaint", "_hidden", "b_techportal_verify_mv", "#FFC300", "location", "textAlign", "uniformMatrix4x3fv", "INTERSTATE", "getData", "Segoe UI Symbol", "javascript:", "Microsoft Sans Serif", "Symbol(", "GungsuhChe", "touches", "__webdriver_script_fn", "FreesiaUPC", "Generator is already executing.", "documentElement", "BIZBANKCARDNO", "Gill Sans MT", "subarray", "Georgia", "bezierCurveTo", "MAX_VERTEX_UNIFORM_BLOCKS", "FormData", "Request exception", "Arial MT", " bit mantissa", "boxLoading ", "bindEvent", "Cochin", "Candara", "Chiller", "getSamplerParameter", "mounted", "unknown", "Signboard", "VENDOR", "webdriverAsyncExecutor", "parse", "' data-verifyId='", "exception", "sort", "push", "Fransiscan", "capture", "DokChampa", "sliderTitle", "swap", "maoyan", "native-function-to-string", "PMingLiU", "store", "Float64Array", "Onyx", "MYRIAD PRO", "Miriam", "maxLeft", "moveingBarX", " is not iterable(cannot read property Symbol(Symbol.iterator))", "prototype", "encrypt", "></div>\n </div>", "Null", "drawBuffers", "uniform4ui", "2027970QcUipj", "Benguiat Bk BT", "'\n data-listIndex='", "clientWidth", "Symbol is not a constructor!", "__yoda_api_ua__", "createGain", "nativeSign sign v3 fail", "121051", "deleteSync", "createVertexArray", "DIN", "YodaWeb", "PLATFORM", "report", "Small Fonts", "121036", "RISK_FACE_REQUEST_LIMIT_EXCEEDED", "texStorage3D", "Vani", "getActiveUniforms", "source", "texStorage2D", "MAX_VIEWPORT_DIMS", "createShader", "__proto__", "RISK_UP_SMS_ACTION_NOT_SUPPORT", "log", "30px serif", "nextVerifyMethodId", "FLOAT", "box", "$cdc_asdjflasutopfhvcZLmcfl_", "Comic Sans", "MAX_VERTEX_OUTPUT_COMPONENTS", "Boulder", "subtitle", "square", "Calisto MT", "Lucida Bright", "Britannic Bold", "Felix Titling", "fulfilled", "MAX_TRANSFORM_FEEDBACK_SEPARATE_COMPONENTS", "native", " is not a symbol!", "Chalkboard", "circle2", "hasInstance,isConcatSpreadable,iterator,match,replace,search,species,split,toPrimitive,toStringTag,unscopables", "stringify", "Kabel Ult BT", "getInt16", "Tristan", "script", "white", "tip", "frame", "Geneva", "JasmineUPC", "lineBreak", "splice", "reverse", "Eras Light ITC", "style = \"", "page", "#FFFFFF", "WSH", "Bembo", "CloisterBlack BT", "Possible Unhandled Promise Rejection:", "href", "object", "Terminal", "wg_", "boxOk", "unshift", "Eras Demi ITC", "Aurora Cn BT", "boolean", "uniform3uiv", "des_", "jsCode", "Vijaya", "0123456789abcdef", "Elephant", "toStringTag", "WEBGL_debug_renderer_info", "Snell Roundhand", "type", "Oriya Sangam MN", "token", "drawElementsInstanced", "colorDepth", "Consolas", "Gabriola", "/info", "mouseup", "filter", "121136", "all", "wVU", "platform", "Harlow Solid Italic", "Baskerville", "seal", "\n <div class='globalLoadModel ", "MAX_FRAGMENT_UNIFORM_COMPONENTS", "onload", "#F5E905", "circle7", "fromCharCode", "isTransformFeedback", "driver-evaluate", "utf8Encode", "http", "RISK_FACE_IDENTITY_NUM_WRONG", "getPath", "121128", "onStop", "daxiang", "Win32", "网络资源异常,请稍后再试", "RISK_NO_SUCH_SCENE", "invalid ciphertext size (must be 16 bytes)", "failCallbackUrl", "onErrorHandle", "PetitaBold", "#FFD161", "innerWidth", "/script", "Albertus Medium", "_prepare", "uniform1ui", "LilyUPC", "BYTES_PER_ELEMENT", ": can't set as prototype!", "match", "Pythagoras", "MAX_COMBINED_VERTEX_UNIFORM_COMPONENTS", "Incised901 Bd BT", "Latha", "_phantom", "innerHTML", "create", "template", "Jenson", "b_techportal_k4nhr58y_mc", "Charter BT", "121040", "buffer length minus the byteOffset is not a multiple of the element size.", "RISK_FACE_NAME_WRONG", "200|", "121140", "PUZZLESLIDER", "getInt8", "<div class='btnWrapper'>\n <button type='button' ", "RISK_GET_VERIFY_INFO_ERROR", "DedicatedWorkerGlobalScope", "touchmove", "circle4", "tap", "News GothicMT", "backToStart", "getWebglRendererUnmasked", "next", "timestamp", "ARCHER", "'\n data-verifyId='", "'></div>\n <div class='circle6 ", "-Infinity", "Return", "Plantagenet Cherokee", "point", "Bodoni MT Condensed", "00102", "'></div>\n <div class='circle8 ", "Serifa", "find", "Futura Bk BT", "Pristina", "Galliard BT", "createOscillator", "GREEN_BITS", "documentMode", "keys", "RISK_VERIFYMETHOD_NOT_SUPPORT_ERROR", "yodaTip", "j_v", "audio_", "callbackName", "textBaseline", "Meiryo", "Miriam Fixed", "desc", "Microsoft YaHei", "[object z]", "' id=", "Uint8ClampedArray", "Simplified Arabic", "Wide Latin", "使用新版签名", "MODULE_VERSION", "appendChild", "NETWORK_TIMEOUT_CODE", "core", "setInt16", "custom", "styles", "sent", "font", "lineHeight", "yodaInitTime", "yodaVersion", "Gill Sans MT Ext Condensed Bold", "16118iwsyfk", "Chalkduster", "titleWrapper", "highp", "Yes", "jsVersion", "auto", "RISK_UP_SMS_OUT_OF_SERVICE", "setAttribute", "deleteVertexArray", "calledSelenium", "CaslonOpnface BT", "MAX_ELEMENT_INDEX", "maxDecibels", "left", "propertyIsEnumerable", "Cornerstone", "Marker Felt", "100oksGWu", "getUint16", "Sherwood", "getAttribute", "ARNO PRO", "f_e_s_e", "CT_PRESIGN_FAIL", "uniformBlockBinding", "addEventListener", "Univers CE 55 Medium", "now", "startDrag", "IE_PROTO", "contentWindow", "Bodoni MT", "121018", "Mongolian Baiti", "Times", "reload", "Authencation", "David", "MAX_COMBINED_TEXTURE_IMAGE_UNITS", "ids", "reason", "set", "wrapper", "yoda-language", "mousemove", "VOICE", "max", "GeoSlab 703 XBd BT", "RISK_ERROR_OUT_OF_LIMIT_AND_DOWNLOAD_APP", "removeEventListener", "ownKeys", "'>\n <div class='titleWrapper ", "Humanst521 Lt BT", "Window", "currentTime", "MS Reference Sans Serif", "NETWORK_REQUEST_TIP", "Microsoft New Tai Lue", "invalid key size (must be 16, 24 or 32 bytes)", "Charter Bd BT", "SINGLE", "Calibri", "EXT_texture_filter_anisotropic", "yodaHelp", "Century", "121066", "Dotum", "bindClick", "exports", "Content-Type", "&msg=", "content", "Playbill", "which", "YODA_CONFIG", "touchend", "ChromeDriverwjers908fljsdf37459fsdfgdfwru=", "_Kd", "honey", "Apple Chancery", "MAX_VERTEX_TEXTURE_IMAGE_UNITS", "onStart", "scrollTop", "Copperplate Gothic", "Courier", "PKCS#7 invalid length", "middle", "DotumChe", "MS Sans Serif", "easeOutCubic", "Jokerman", "Goudy Old Style", ">\n ", "Californian FB", "121004", "请求数据返回异常", "121094", "offsetHeight", "Mona Lisa Solid ITC TT", "gl2", "getWeak", "ALIASED_POINT_SIZE_RANGE", "Mangal", "reduceRight", "Lucida Fax", "lastIndexOf", "RISK_USER_NOT_BINDED", "undefined", "Jazz LET", "byteOffset out of range", "Geometr231 BT", "readBuffer", "RISK_SLIDER_VERIFY_FAILED", "from", "Berlin Sans FB", "RISK_FACE_IDENTITY_INFO_WRONG", "Gigi", "theme", "Int16Array", "encode", "WHITNEY", "createTransformFeedback", "Exotc350 Bd BT", "KNB_miniProgram", "getAttribLocation", "JSON", "RISK_FACE_LACK_REAL_NAME", "uniformMatrix3x4fv", "postBatch", "Berlin Sans FB Demi", "Academy Engraved LET", "MAX_VERTEX_ATTRIBS", "Copperplate", "webdriver", "GROUP", "addHandler", "failIfMajorPerformanceCaveat", "创建请求对象失败", "reject", "fontStyle", "Int32Array", "fromBytes", "toLowerCase", "createLinearGradient", "Monotype Corsiva", "__lastWatirConfirm", "Not enough arguments", "multiply", "EngraversGothic BT", "toString", "__webdriverFunc", "错误信息:", "Lucida Sans Unicode", "HTTPMethod", "circle", "\n attribute vec4 a_position;\n uniform mat4 u_matrix;\n varying vec4 v_color;\n void main() {\n gl_Position = a_position;\n v_color = gl_Position * 0.5 + 0.5;\n }\n ", "Object", "_handled", "Gungsuh", "invalid initialation vector size (must be 16 bytes)", "compressedTexSubImage3D", "resolve", "facespeech", "00500", "vertexAttribI4ui", "BernhardFashion BT", "dragRight", "yodaBox", "open", "sliderReturn", "LN2", "addColorStop", "ZWAdobeF", "center", "shadowColor", "#FFB000", "MYRIAD", "inputs", "_aes", "AngsanaUPC", "TRAJAN PRO", "info", "Palace Script MT", "服务器异常,请稍后再试", "createSampler", "SimSun", "clearBufferiv", "121999", "drawRangeElements", "Copperplate Gothic Light", "wks", "fillStyle", "isQuery", "toutiaomicroapp", "height", "listIndex", "return this", "Broadway", "121093", "onerror", "Helvetica", "sendLog", "Lucida Handwriting", "disconnect", "yodaSel", "Opera", "IrisUPC", "gain", "参数异常,请检查", "Bell MT", "showMessage", "ModeOfOperation", "setInt8", "userAgent", "EucrosiaUPC", "YODA_VERSION", "121142", "American Typewriter Condensed", "DaunPenh", "whiteDuration", "isObject", "Bodoni MT Black", "bindTransformFeedback", "stack", "Ebrima", "Promise.all accepts an array", "HTTPMethod=POST&Content-MD5=", "STATIC_DRAW", "NSimSun", "Century Gothic", "/verify", "post", "fail", "NETWORK_REQUEST_CODE", "mtgsig", "jsType", "Haettenschweiler", "PKCS#7 padding byte out of range", "KEY", "INCONSOLATA", "timeoutListen", "test", "Juice ITC", "UNMASKED_RENDERER_WEBGL", "</sup>", "Segoe UI Semibold", "Symbol", "mode", "antialias", "jsError", "blitFramebuffer", "0px", "Cambria Math", "getIndexedParameter", "<div style='margin-top: 8em;text-align: center;font-size: 16px;'>\n <button id='yodaHelp' style='padding: 0 2em;color: rgba(0, 0, 0, .84); background: rgba(255, 255, 255, .6); border: 1px solid rgba(0, 0, 0, .12);border-radius: 0.6em'>\n <span><img style='width: 2em;vertical-align: middle;' src='https://s3plus.meituan.net/v1/mss_f231eb419c414559a1837748d11d4312/yoda-resources/help_icon.png'/></span>\n <span style='display: inline-block;line-height: 3em;vertical-align: middle;font-size: 1.3em;'>帮助</span>\n </button>\n </div>", "getActiveUniformBlockParameter", "vertexAttribPointer", "vertexAttribDivisor", "RISK_GET_VERIFYINFO_TIMES_LIMIT_ONE_DAY", "Gisha", "event", "Futura Lt BT", "MS LineDraw", "isSealed", "selenium-evaluate", "BUTTON", "FangSong", "Futura Md BT", "moveingbar", "121138", "Apple Color Emoji", "GoudyHandtooled BT", "btn", "IMAGE", "2397388dcLsoC", "&request_code=", "phantom", "iframe", "vertexAttribI4iv", "AVENIR", "sliderType", "encryptToBase64", "ArrayBuffer", "defineProperties", "RISK_VOICE_SEND_TIMES_LIMIT_ONE_DAY", "letterSpacing", "__$webdriverAsyncExecutor", "init", "PC_FACE", "rohr_", "DEPTH_BITS", "canvas", "isDoubleTap", "Script MT Bold", "innerHeight", "cd_frame_id_", "ontouchstart", "GOTHAM", "getTransformFeedbackVarying", "getInternalformatParameter", "mousedown", "Lithograph", "MAX_SAMPLES", "getWebGlReport", "RISK_REAL_NAME_AUTH_STATUS_ERROR", "outline", "Edge", "initSlider", "Zurich BlkEx BT", "Bazooka", "Long Island", "compressedTexImage3D", "OSAKA", "MS Mincho", "Segoe UI", "useProgram", "0123456789ABCDEF", "RISK_LEVEL", "length is not a small enough positive integer.", "getUint8", "LINK_STATUS", "OPTIMA", "Microsoft Tai Le", "_Selenium_IDE_Recorder", "getQueryParameter", "#F4F4F2", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "Poor Richard", "Arial Unicode MS", "cententWrapper", "Bad UTF-8 encoding 0x", "'></div>\n <div class='circle5 ", "Univers Condensed", "method", "DilleniaUPC", "Engravers MT", "_unhandledRejectionFn", "MOZ_EXT_texture_filter_anisotropic", "Shruti", "lastTime", "__defineSetter__", "Sakkal Majalla", "byteLength", "MAX_TRANSFORM_FEEDBACK_SEPARATE_ATTRIBS", "Clarendon Condensed", "Math", "SimHei", "] (", "Trebuchet MS", "ZapfEllipt BT", "RISK_RISK_LEVEL_NOT_VALID", "</label>\n </div>\n <div class='yoda-slider-tip ", "clear", "miniProgram", "当前请求状态", "サーバーが異常です。しばらくしてからもう一度お試しください", "createRadialGradient", "domAutomation", "MAX_SERVER_WAIT_TIMEOUT", "Modern", "message", "Arabic Typesetting", "tabindex", "clearColor", "timeoutCount", "Microsoft Uighur", "RISK_NO_AUTH", " : ", "block", "substring", "l_d_s_c", "Coronet", "invalidateSubFramebuffer", "div", "RISK_MERCHANT_ID_NOT_VALID", "Humanst 521 Cn BT", "jsonp_", "bindBufferRange", "121126", "webView", "textShadow", "Arial Rounded MT Bold", "Tw Cen MT Condensed Extra Bold", "/feedback/manmachine/#/?requestCode=", "ALIASED_LINE_WIDTH_RANGE", "Rage Italic", "publish", "#E10909", "Yes, D3D11", "stencil", "src", "moveingBarY", "attachShader", "'>\n <img class='slider-help ", "_starttime", "Simplified Arabic Fixed", "Rod", "orientation", "ajax", "quadraticCurveTo"];
_0x5b47 = function () {
return _0x25463d;
};
return _0x5b47();
}
(function(_0x228440, _0x45709d) {
var _0x4356e7 = _0x228440();
while (!![]) {
try {
var _0x116f44 = parseInt(_0x24f5(0x596)) / 0x1 * (-parseInt(_0x24f5(0x5a8)) / 0x2) + -parseInt(_0x24f5(0x39)) / 0x3 + parseInt(_0x24f5(0x30e)) / 0x4 * (parseInt(_0x24f5(0x4d)) / 0x5) + parseInt(_0x24f5(0x427)) / 0x6 * (parseInt(_0x24f5(0x6a9)) / 0x7) + -parseInt(_0x24f5(0x14d)) / 0x8 + parseInt(_0x24f5(0x2e5)) / 0x9 + -parseInt(_0x24f5(0x4c0)) / 0xa;
if (_0x116f44 === _0x45709d)
break;
else
_0x4356e7['push'](_0x4356e7['shift']());
} catch (_0x4f5641) {
_0x4356e7['push'](_0x4356e7['shift']());
}
}
})(_0x5b47, 0xedc46)
function _0x24f5(_0x3b92fb, _0x1d45ea) {
var _0x1fbea5 = _0x5b47();
return _0x24f5 = function(_0x1415da, _0x306f35) {
_0x1415da = _0x1415da - 0x0;
var _0x534c81 = _0x1fbea5[_0x1415da];
return _0x534c81;
}
,
_0x24f5(_0x3b92fb, _0x1d45ea);
}
module.exports = _0x24f5;
三、请求page_data链接
这里用之前返回的requestCode作为参数请求,session、sign、timestamp、verifyMethodVersion、yodaVersion后面都会用到
四、逆向Authencation、behavior、token_
(1)behavior,参数定位:
注:这里的point轨迹t和后面token加密的mt轨迹是相互验证的
继续往后跟会到这里
这里对之前拿到的session进行atob,生成一段代码再eval下,会决定接下来走switch的那个case。
再继续往后跟,到这里
这个f是一开始就生成的,这里是拿了一开始返回的session和sign生成一段代码,最后再执行这段代码得到f,位置如下:
这里他自己hook了这个window.f
这里需要补的环境如下(这个滑块也就这点环境,如果发现还检测了其他东西删掉即可,不影响整个算法的生成):
window = global;
var md5 = require('md5-node');
var Buffer_ = window.Buffer;
window.Buffer = undefined;
screen = {
'availHeight':1040,
'availLeft':0,
'availTop':0,
'availWidth':1920,
'colorDepth':24,
'height':1080,
'pixelDepth':24,
'width':1920,
'isExtended':true
}
localStorage = {
Storage:{
'length':0
}
}
navigator = {}
navigator.geolocation = new (class Geolocation{});
navigator.geolocation.getCurrentPosition = function getCurrentPosition(){
debugger;
};
navigator.geolocation.clearWatch = function clearWatch(){
debugger;
};
navigator.geolocation.watchPosition = function watchPosition(){
debugger;
};
HTMLBodyElement = function HTMLBodyElement(){debugger;}
!function(){
this.atob = function(encodeBase64){
// debugger;
return Buffer_.from(encodeBase64, "base64").toString("binary")
}
this.btoa = function(decodeBase64){
// debugger;
return Buffer_.from(decodeBase64, "binary").toString("base64")
}
}()
;
(2)token,参数定位:
token和behavior的生成算法是一样的,所以只说下需要注意的地方
这里同样是ts和cts需要改下,mt是轨迹,检测较为严格,其他都不怎么检测,再次提醒这个mt和behavior的point是有关联的,打印下对比下就知道了
(3)Authencation,参数定位
这里用到了很多之前的返回的参数
注:这个timestamp是返回的,不是实时获取的,后面的验证请求也是这个timestamp
五、请求验证
晚安~